PAPP-34356 initial code update for new list alerts api

[tonyc-phantom]

Please ensure your pull request (PR) adheres to the following guidelines:

• Please refer to our contributing documentation for any questions on submitting a pull request, link: Contribution Guide

Pull Request Checklist

Please check if your PR fulfills the following requirements:

• Testing of all the changes has been performed (for bug fixes / features)
• The manual_readme_content.md has been reviewed and added / updated if needed (for bug fixes / features)
• Use the following format for the PR description: <App Name>: <PR Type> - <PR Description>
• Provide release notes as part of the PR submission which describe high level points about the changes for the upcoming GA release.
• Verify all checks are passing.
• Do NOT use the next branch of the forked repo. Create separate feature branch for raising the PR.
• Do NOT submit updates to dependencies unless it fixes an issue.

Pull Request Type

Please check the type of change your PR introduces:

• New App
• Bugfix
• Feature
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no api changes)
• Documentation
• Other (please describe):

Security Considerations (REQUIRED)

• If you are exposing any endpoints using a REST handler,
  please document them in the manual_readme_content.md.
• If this is a new connector or you are adding new actions
  • Please document in the manual_readme_content.md all methods (eg, OAuth) used to authenticate
    with the service that the connector is integrating with.
  • If any actions are unable to run on SOAR Cloud, please document this in the manual_readme_content.md.
• Are you introducing any new cryptography modules? If yes, please elaborate their purpose:
• Are you are accessing the file system? If yes, please verify that you are only accessing paths returned through
  the Vault API.
• Are you are marking code to be ignored by Semgrep with nosemgrep?
  If yes, please provide justification in an additional comment next to the ignored code.

Release Notes (REQUIRED)

• Provide release notes as part of the PR submission which describe high level points about the changes for the upcoming GA release.

What is the current behavior? (OPTIONAL)

• Describe the current behavior that you are modifying.

What is the new behavior? (OPTIONAL)

• Describe the behavior or changes that are being added by this PR.

Other information (OPTIONAL)

• Any other information that is important to this PR such as screenshots of how the component looks before and after the change.

Pay close attention to (OPTIONAL)

• Any specific code change or test case points which must be addressed/reviewed at the time of GA release.

Screenshots (if relevant)

---

Thanks for contributing!

[tonyc-phantom]

I believe the sanity and integration tests are failing due to scheduled polling problems - however if you follow the AWS links to the failed tests you'll see that with the exception of 1 or 2 flaky sanity tests, all are passing. All 32 of the playbooks are also passing, which you can verify in the links.

I'm not sure why the scheduled polling is consistently failing, and my attempt to research didn't return any results. I am not seeing it passing in previous attempts either? It always errors out with "message": "Failed to execute action 'on poll' on asset '10898'. Error: shutdown while waiting for action result.. ",
Regular on poll is working and I verified that containers are being ingested by pytest.

Finally, apologies for the number of line changes but the new linting using black replaced single with double quotes everywhere and this app is pretty large. My actual changes were to update the list_alerts API endpoints and I also tweaked the parameters for some of the actions so we aren't sending the context data to CrowdStrike anymore. I did this by adding dictionary comprehensions to the following actions:

Handle_list_incidents
Handle_list_incident_behaviors
Handle_list_crowdscores
Handle_query_device
Handle_list_groups
Handle_list_custom_indicators
Handle_quarantine_device
Handle_assign_hosts
Handle_remove_hosts
Handle_list_alerts
Handle_list_detections
Handle_list_sessions

[bbielinski-splunk]

Looks good, left one suggestion to consider

[sodle-splunk]

CS Ingestion tests have been flaky for a long time... I think it's dependent on whether we can keep a steady stream of alerts flowing into the platform?